CVE-2020-13664 - OpenCVE

Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal

Configuration 1 [-]

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

No data.

References

Link	Providers
https://www.drupal.org/sa-core-2020-005

History

No history.

MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2021-05-05T14:56:39

Updated: 2024-08-04T12:25:16.209Z

Reserved: 2020-05-28T00:00:00

Link: CVE-2020-13664

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-05T15:15:08.227

Modified: 2021-05-14T18:10:26.547

Link: CVE-2020-13664

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Drupal Core", "vendor": "Drupal", "versions": [{"lessThan": "8.8.8", "status": "affected", "version": "8.8.x", "versionType": "custom"}, {"lessThan": "8.9.1", "status": "affected", "version": "8.9.x", "versionType": "custom"}, {"lessThan": "9.0.1", "status": "affected", "version": "9.0.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary PHP code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-05T14:56:39", "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.drupal.org/sa-core-2020-005"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@drupal.org", "ID": "CVE-2020-13664", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Drupal Core", "version": {"version_data": [{"version_affected": "<", "version_name": "8.8.x", "version_value": "8.8.8"}, {"version_affected": "<", "version_name": "8.9.x", "version_value": "8.9.1"}, {"version_affected": "<", "version_name": "9.0.1", "version_value": "9.0.1"}]}}]}, "vendor_name": "Drupal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary PHP code execution"}]}]}, "references": {"reference_data": [{"name": "https://www.drupal.org/sa-core-2020-005", "refsource": "CONFIRM", "url": "https://www.drupal.org/sa-core-2020-005"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:25:16.209Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.drupal.org/sa-core-2020-005"}]}]}, "cveMetadata": {"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "assignerShortName": "drupal", "cveId": "CVE-2020-13664", "datePublished": "2021-05-05T14:56:39", "dateReserved": "2020-05-28T00:00:00", "dateUpdated": "2024-08-04T12:25:16.209Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "66FFE610-B1FE-4177-9895-947CD43B9E97", "versionEndExcluding": "8.8.8", "versionStartIncluding": "8.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D615108-F4BB-4245-8A07-59FBE362B364", "versionEndExcluding": "8.9.1", "versionStartIncluding": "8.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B108358-A0B2-44BC-8D3E-9AECEA14E3BE", "versionEndExcluding": "9.0.1", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo PHP arbitraria en Drupal Core bajo determinadas circunstancias. Un atacante podr\u00eda enga\u00f1ar a un administrador de visitar un sitio malicioso que podr\u00eda resultar en la creaci\u00f3n de un directorio cuidadosamente nombrado en el sistema de archivos. Con este directorio en su lugar, un atacante podr\u00eda intentar mediante fuerza bruta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota. Es m\u00e1s probable que los servidores de Windows est\u00e9n afectados. Este problema afecta a: Drupal Drupal Core versiones 8.8.x anteriores a 8.8.8; Versiones 8.9.x anteriores a 8.9.1; versiones 9.0.1 anteriores a 9.0.1"}], "id": "CVE-2020-13664", "lastModified": "2021-05-14T18:10:26.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-05T15:15:08.227", "references": [{"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-core-2020-005"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}